Route 2 Different Network with RB750


RB750 with 2 different Network Subnet
Port 1(ether1-gateway): Internet Connection
Port 2(ether2-master local): LAN1 (Branch Office) - Address 192.168.1.1 (act as Gateway to Internet), 192.168.1.0/21 (Network)
Port 3(ether3-slave local): LAN2 (Head Office) - Address 10.15.165.2, 10.15.165.1 (Gateway), 10.15.165.0/24 (Network)

NAT is only to LAN1, so the idea is that the branch office wants to connect to the head office, or vice versa.

My NAT config:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1-gateway

My Route config:
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

       DST-ADDRESS        PREF-SRC        GATEWAY              DISTANCE
0 ADS  0.0.0.0/0                          36.69.208.1          1
1 ADC  36.69.208.1/32     36.69.214.37    ether1-gateway       0
2 ADC  192.168.1.0/24     192.168.1.1     ether2-master-l...   0
3 ADC  10.15.165.0/24     10.15.165.2     ether3-slave-l..     1

The problem that I am facing right now is that my branch office PC can't ping the Head Office network. I can ping the Cisco router gateway (10.15.165.1) via the Winbox terminal, but not from the PC.

Did I miss something here? Sorry for this silly question; I need your help, guys.

I think your NAT is not correct; if you want to NAT 192.168.1.0/21, replace your NAT rule with

/ip firewall nat add chain=srcnat src-address=192.168.1.0/21 action=masquerade

What are the network settings of the head office network?

Is ether3-slave-local still on the bridge/switch? If so you should remove it.

/interface ethernet
set ether3-slave-local master-port=none

Hi,

Sorry for the late response. I can finally connect to the other network behind the Cisco router by using masquerade on the second ether port.

I can connect to the internet and ping the other network perfectly, but the next hop is killing me. I saw there are two next hops in the ip-route menu: the first one is the ether2 (Cisco gateway) and the second one is the internet. When someone wants to go to the internet, it must pass the first hop, which is the Cisco gateway, and sometimes it gets stuck (RTO, if I ping google.com), but if I ping inside the Winbox terminal, there's no RTO. I tried to swap the next hops between Cisco and the internet; the problem is vice versa.

How do I make this route work well on my Windows client? Do I need to put two gateways on the client?

Thx

That is an interesting description, but maybe posting “/ip address” and “/ip route” might make it clearer.

Did you remove ether3-slave-local from the switch?
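
Added example, not part of any post in the thread: a small Python model of the reply path for the addresses quoted above, showing why a ping from the router's own terminal can succeed while the same ping from a LAN1 PC fails until the source is masqueraded or the far router gets a return route. The Cisco routing table, the client address 192.168.1.50 and all function names are assumptions, since the thread never shows the head office side.

```python
import ipaddress

# Constructed from the addresses quoted in the thread. The Cisco routing
# table is an assumption: the thread never shows it.
LAN1_IF = ipaddress.ip_interface("192.168.1.1/21")       # ether2 address as stated
LAN2_IF = ipaddress.ip_interface("10.15.165.2/24")       # ether3 address on the RB750
CISCO_ROUTES = [ipaddress.ip_network("10.15.165.0/24")]  # assumed: connected net only


def prefix_findings(stated_cidr, route_cidr):
    """Compare the subnet as stated with the connected route actually installed."""
    findings = []
    try:
        stated = ipaddress.ip_network(stated_cidr, strict=True)
    except ValueError:
        # Host bits are set, so the stated value is not a network boundary.
        stated = ipaddress.ip_network(stated_cidr, strict=False)
        findings.append(f"{stated_cidr} has host bits set; the network is {stated}")
    route = ipaddress.ip_network(route_cidr)
    if stated != route:
        findings.append(f"stated {stated} but connected route is {route}")
    return findings


def reply_returns(src_ip, far_router_routes):
    """True if the far router has a route back to the packet's source address."""
    src = ipaddress.ip_address(src_ip)
    return any(src in net for net in far_router_routes)


def ping_outcome(client_ip, masquerade_on_lan2, far_router_routes=CISCO_ROUTES):
    """Source address the far router sees, and whether its reply can come back."""
    seen_src = str(LAN2_IF.ip) if masquerade_on_lan2 else client_ip
    return seen_src, reply_returns(seen_src, far_router_routes)


if __name__ == "__main__":
    for finding in prefix_findings("192.168.1.0/21", "192.168.1.0/24"):
        print("prefix:", finding)
    print("router CLI ping :", ping_outcome(str(LAN2_IF.ip), False))
    print("PC, no NAT      :", ping_outcome("192.168.1.50", False))
    print("PC, masquerade  :", ping_outcome("192.168.1.50", True))
    routed = CISCO_ROUTES + [LAN1_IF.network]  # alternative: static route on the Cisco
    print("PC, return route:", ping_outcome("192.168.1.50", False, routed))
```

With masquerade, every branch client appears to the head office as 10.15.165.2, so head office logs and ACLs cannot tell the clients apart; a return route on the far router keeps the original source addresses visible.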